In response to https://httpoxy.org/ (which has no actual ASF
vulnerability we are aware of) the HTTP, Tomcat and ATS projects
collected feedback, along with validation from the Perl project;

https://www.apache.org/security/asf-httpoxy-response.txt

Does it make sense to blog this, or at least R/T from @TheASF?

Reply via email to